Thread: Syslog setup questions

  1. #1
    sc123 NNTP User

    Syslog setup questions


    So I have 10.3 and I'm just trying to set up syslog-ng to listen for and
    log any messages sent from my firewall, but I can't figure it out. I
    used the guide here (http://en.opensuse.org/SDB:Syslog_server) but it
    is dated and seems to be missing steps and/or references older versions
    of the conf file. Can anyone point me to a newer/better guide or
    assist? Thanks!


    --
    sc123
    ------------------------------------------------------------------------
    sc123's Profile: http://forums.opensuse.org/member.php?userid=19412
    View this thread: http://forums.opensuse.org/showthread.php?t=404253


  2. #2
    ken yap NNTP User

    Re: Syslog setup questions


    That guide isn't too far off. First you have to tell syslog-ng to listen
    to messages from other computers. As the comments in
    /etc/syslog-ng/syslog-ng.conf indicate, uncomment this line in the src
    section:


    Code:
    --------------------
    udp(ip("0.0.0.0") port(514));
    --------------------


    Also open your firewall to 514/udp to your LAN machines.

    Since the remote log messages will be mixed with local log messages,
    you might want to write some matching rules so that remote log messages
    go to some other file.


    --
    ken_yap
    ------------------------------------------------------------------------
    ken_yap's Profile: http://forums.opensuse.org/member.php?userid=221


  3. #3
    sc123 NNTP User

    Re: Syslog setup questions


    Thanks for your help - uncommenting that line was the only thing missing
    to get syslog logging.

    I would like to add the code to tell syslog to create a log file for
    just the data coming from my firewall at 192.168.0.1, but I'm unfamiliar
    with the syntax. Would you happen to know what that would be? Right
    now everything is just going to /var/log/allmessages.


    --
    sc123


  4. #4
    ken yap NNTP User

    Re: Syslog setup questions


    Have a look at man syslog-ng.conf.

    What you probably want to do is to create another source, another
    destination and then connect them up using a log statement so that this
    chain is separate from the existing chain.


    --
    ken_yap


  5. #5
    sc123 NNTP User

    Re: Syslog setup questions


    Thanks for your motivation, I gave it a whirl and got it to work. To
    save others from learning, here is what I added (first I re-commented
    out the following in the source "src"):


    Code:
    --------------------
    #udp(ip("0.0.0.0") port(514));
    --------------------


    Then I added the following code to create a new source, destination and
    log entry:


    Code:
    --------------------
    source checkpoint {
    #
    # uncomment to process log messages from network:
    #
    udp(ip("0.0.0.0") port(514));
    };

    destination checkpoint { file("/var/log/checkpoint"); };
    log { source(checkpoint); destination(checkpoint); };
    --------------------


    Works like a charm!


    --
    sc123
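The approach sketched in #2 (a matching rule for the remote messages) and asked for in #3 (a file for just the firewall at 192.168.0.1), written out as an added example that is not from the thread or the openSUSE guide; it keeps the stock "src" source with the udp() line uncommented instead of adding a second listener, and assumes 192.168.0.2 as the log server's LAN address and the stock allmessages destination name.

```conf
# Added example: split the firewall's messages into their own file with a
# filter on the sender address instead of a second udp() source. The file
# paths and the name "checkpoint" follow the thread; 192.168.0.2 is an
# assumed address for the log server's LAN interface.

source src {
    internal();
    unix-dgram("/dev/log");
    # Bind to the LAN-facing address rather than 0.0.0.0 so the listener is
    # not reachable on other interfaces; still restrict 514/udp in the
    # firewall to LAN machines, as #2 says.
    udp(ip("192.168.0.2") port(514));
};

# netmask() tests the IP the datagram came from, not the hostname inside the
# message, which any sender can fill in freely. Plain UDP syslog is not
# authenticated, so treat this as routing, not as proof of origin.
filter f_checkpoint { netmask("192.168.0.1/32"); };

destination checkpoint  { file("/var/log/checkpoint"); };
destination allmessages { file("/var/log/allmessages"); };

# Log statements are evaluated in order; flags(final) stops a matched message
# from also landing in allmessages, which is what a separate source achieves
# in #5 without the 0.0.0.0 listener catching every other host's messages too.
log { source(src); filter(f_checkpoint); destination(checkpoint); flags(final); };
log { source(src); destination(allmessages); };
```

After editing, check the file with `syslog-ng -s` before restarting, so a syntax slip does not silently stop local logging as well.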

